Cybersecurity researchers have uncovered a new, notarized version of the MacSync information stealer disguised as a messaging app installer, abusing Apple's own signing and notarization mechanisms. The campaign shows evolving evasion techniques: code signing, notarization, and the embedding of large, seemingly legitimate files to evade detection. #MacSync #MacC0de #AppleSecurity
Key points
- A new variant of MacSync malware is distributed via a signed and notarized Swift app within a DMG file.
- The malware bypasses security checks by instructing users to right-click and open the app manually.
- The dropper performs environment checks before downloading and executing an encoded payload to evade detection.
- An unusually large DMG file containing unrelated PDFs is used to mask the malicious content.
- The malware exhibits updated command and control evasion tactics by modifying the curl command flags.
Read More: https://thehackernews.com/2025/12/new-macsync-macos-stealer-uses-signed.html